linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH] bnxt_en: avoid string overflow for record->system_name
@ 2018-08-13 21:26 Arnd Bergmann
  2018-08-13 21:47 ` Michael Chan
  2018-08-14  3:46 ` David Miller
  0 siblings, 2 replies; 3+ messages in thread
From: Arnd Bergmann @ 2018-08-13 21:26 UTC (permalink / raw)
  To: Michael Chan, David S. Miller
  Cc: Arnd Bergmann, Vasundhara Volam, Scott Branden, Andy Gospodarek,
	netdev, linux-kernel

The utsname()->nodename string may be 64 bytes long, and it gets
copied without the trailing nul byte into the shorter record->system_name,
as gcc now warns:

In file included from include/linux/bitmap.h:9,
                 from include/linux/ethtool.h:16,
                 from drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c:13:
In function 'strncpy',
    inlined from 'bnxt_fill_coredump_record' at drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c:2863:2:
include/linux/string.h:254:9: error: '__builtin_strncpy' output truncated before terminating nul copying as many bytes from a string as its length [-Werror=stringop-truncation]

Using strlcpy() at least avoids overflowing the destination buffer
and adds proper nul-termination. It may still truncate long names
though, which probably can't be solved here.

Fixes: 6c5657d085ae ("bnxt_en: Add support for ethtool get dump.")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
---
 drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c b/drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c
index b1602ea64372..e52d7af3ab3e 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c
@@ -2860,8 +2860,8 @@ bnxt_fill_coredump_record(struct bnxt *bp, struct bnxt_coredump_record *record,
 	record->low_version = 0;
 	record->high_version = 1;
 	record->asic_state = 0;
-	strncpy(record->system_name, utsname()->nodename,
-		strlen(utsname()->nodename));
+	strlcpy(record->system_name, utsname()->nodename,
+		sizeof(record->system_name));
 	record->year = cpu_to_le16(tm.tm_year);
 	record->month = cpu_to_le16(tm.tm_mon);
 	record->day = cpu_to_le16(tm.tm_mday);
-- 
2.18.0


^ permalink raw reply related	[flat|nested] 3+ messages in thread
* Re: [PATCH] bnxt_en: avoid string overflow for record->system_name
  2018-08-13 21:26 [PATCH] bnxt_en: avoid string overflow for record->system_name Arnd Bergmann
@ 2018-08-13 21:47 ` Michael Chan
  2018-08-14  3:46 ` David Miller
  1 sibling, 0 replies; 3+ messages in thread
From: Michael Chan @ 2018-08-13 21:47 UTC (permalink / raw)
  To: Arnd Bergmann
  Cc: David S. Miller, Vasundhara Volam, Scott Branden,
	Andy Gospodarek, Netdev, open list

On Mon, Aug 13, 2018 at 2:26 PM, Arnd Bergmann <arnd@arndb.de> wrote:
> The utsname()->nodename string may be 64 bytes long, and it gets
> copied without the trailing nul byte into the shorter record->system_name,
> as gcc now warns:
>
> In file included from include/linux/bitmap.h:9,
>                  from include/linux/ethtool.h:16,
>                  from drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c:13:
> In function 'strncpy',
>     inlined from 'bnxt_fill_coredump_record' at drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c:2863:2:
> include/linux/string.h:254:9: error: '__builtin_strncpy' output truncated before terminating nul copying as many bytes from a string as its length [-Werror=stringop-truncation]
>
> Using strlcpy() at least avoids overflowing the destination buffer
> and adds proper nul-termination. It may still truncate long names
> though, which probably can't be solved here.
>
> Fixes: 6c5657d085ae ("bnxt_en: Add support for ethtool get dump.")
> Signed-off-by: Arnd Bergmann <arnd@arndb.de>

Thanks.

Acked-by: Michael Chan <michael.chan@broadcom.com>

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: [PATCH] bnxt_en: avoid string overflow for record->system_name
  2018-08-13 21:26 [PATCH] bnxt_en: avoid string overflow for record->system_name Arnd Bergmann
  2018-08-13 21:47 ` Michael Chan
@ 2018-08-14  3:46 ` David Miller
  1 sibling, 0 replies; 3+ messages in thread
From: David Miller @ 2018-08-14  3:46 UTC (permalink / raw)
  To: arnd
  Cc: michael.chan, vasundhara-v.volam, scott.branden, gospo, netdev,
	linux-kernel

From: Arnd Bergmann <arnd@arndb.de>
Date: Mon, 13 Aug 2018 23:26:54 +0200

> The utsname()->nodename string may be 64 bytes long, and it gets
> copied without the trailing nul byte into the shorter record->system_name,
> as gcc now warns:
> 
> In file included from include/linux/bitmap.h:9,
>                  from include/linux/ethtool.h:16,
>                  from drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c:13:
> In function 'strncpy',
>     inlined from 'bnxt_fill_coredump_record' at drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c:2863:2:
> include/linux/string.h:254:9: error: '__builtin_strncpy' output truncated before terminating nul copying as many bytes from a string as its length [-Werror=stringop-truncation]
> 
> Using strlcpy() at least avoids overflowing the destination buffer
> and adds proper nul-termination. It may still truncate long names
> though, which probably can't be solved here.
> 
> Fixes: 6c5657d085ae ("bnxt_en: Add support for ethtool get dump.")
> Signed-off-by: Arnd Bergmann <arnd@arndb.de>

Applied.

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2018-08-14  3:46 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-08-13 21:26 [PATCH] bnxt_en: avoid string overflow for record->system_name Arnd Bergmann
2018-08-13 21:47 ` Michael Chan
2018-08-14  3:46 ` David Miller

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).